Debian DSA-2053-1 : linux-2.6 - privilege escalation/denial of service/information leak

high Nessus Plugin ID 46725


New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote Debian host is missing a security-related update.


Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2009-4537 Fabian Yamaguchi reported a missing check for Ethernet frames larger than the MTU in the r8169 driver. This may allow users on the local network to crash a system, resulting in a denial of service.

- CVE-2010-0727 Sachin Prabhu reported an issue in the GFS2 filesystem.
Local users can trigger a BUG() altering the permissions on a locked file, resulting in a denial of service.

- CVE-2010-1083 Linus Torvalds reported an issue in the USB subsystem, which may allow local users to obtain portions of sensitive kernel memory.

- CVE-2010-1084 Neil Brown reported an issue in the Bluetooth subsystem that may permit remote attackers to overwrite memory through the creation of large numbers of sockets, resulting in a denial of service.

- CVE-2010-1086 Ang Way Chuang reported an issue in the DVB subsystem for Digital TV adapters. By creating a specially-encoded MPEG2-TS frame, a remote attacker could cause the receiver to enter an endless loop, resulting in a denial of service.

- CVE-2010-1087 Trond Myklebust reported an issue in the NFS filesystem.
A local user may cause an oops by sending a fatal signal during a file truncation operation, resulting in a denial of service.

- CVE-2010-1088 Al Viro reported an issue where automount symlinks may not be followed when LOOKUP_FOLLOW is not set. This has an unknown security impact.

- CVE-2010-1162 Catalin Marinas reported an issue in the tty subsystem that allows local attackers to cause a kernel memory leak, possibly resulting in a denial of service.

- CVE-2010-1173 Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from Codenomicon Ltd reported an issue in the SCTP subsystem that allows a remote attacker to cause a denial of service using a malformed init package.

- CVE-2010-1187 Neil Hormon reported an issue in the TIPC subsystem.
Local users can cause a denial of service by way of a NULL pointer dereference by sending datagrams through AF_TIPC before entering network mode.

- CVE-2010-1437 Toshiyuki Okajima reported a race condition in the keyring subsystem. Local users can cause memory corruption via keyctl commands that access a keyring in the process of being deleted, resulting in a denial of service.

- CVE-2010-1446 Wufei reported an issue with kgdb on the PowerPC architecture, allowing local users to write to kernel memory. Note: this issue does not affect binary kernels provided by Debian. The fix is provided for the benefit of users who build their own kernels from Debian source.

- CVE-2010-1451 Brad Spengler reported an issue on the SPARC architecture that allows local users to execute non-executable pages.

This update also includes fixes a regression introduced by a previous update. See the referenced Debian bug page for details.


Upgrade the linux-2.6 and user-mode-linux packages.

For the stable distribution (lenny), these problems have been fixed in version 2.6.26-22lenny1.

The user-mode-linux source package was additional rebuilt for compatibility to take advantage of this update. The updated version of the package is 2.6.26-1um-2+22lenny1.

See Also

Plugin Details

Severity: High

ID: 46725

File Name: debian_DSA-2053.nasl

Version: 1.13

Type: local

Agent: unix

Published: 5/26/2010

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux-2.6, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/25/2010

Vulnerability Publication Date: 1/12/2010

Reference Information

CVE: CVE-2009-4537, CVE-2010-0727, CVE-2010-1083, CVE-2010-1084, CVE-2010-1086, CVE-2010-1087, CVE-2010-1088, CVE-2010-1162, CVE-2010-1173, CVE-2010-1187, CVE-2010-1437, CVE-2010-1446, CVE-2010-1451

BID: 37521, 38393, 38479, 38898, 39042, 39044, 39101, 39120, 39480, 39569, 39719, 39794, 39798

DSA: 2053

CWE: 20